U.S. ready to strike back against China cyberattacks

The building housing "Unit 61398" of the People's Liberation Army is seen in the outskirts of Shanghai today. Cyberattacks that stole information from 141 targets in the U.S. and other countries have been traced to the Chinese military unit in the building, a U.S. security firm alleged today.

WASHINGTON » As public evidence mounts that the Chinese military is responsible for stealing massive amounts of U.S. government data and corporate trade secrets, the Obama administration is eyeing fines and other trade actions it may take against Beijing or any other country guilty of cyberespionage.

According to officials familiar with the plans, the White House will lay out a new report today that suggests initial, more-aggressive steps the U.S. would take in response to what top authorities say has been an unrelenting campaign of cyberstealing linked to the Chinese government. The officials spoke on condition of anonymity because they were not authorized to speak publicly about the threatened action.

The White House plans come after a Virginia-based cybersecurity firm released a torrent of details Monday that tied a secret Chinese military unit in Shanghai to years of cyberattacks against U.S. companies. After analyzing breaches that compromised more than 140 companies, Mandiant has concluded that they can be linked to the People's Liberation Army's Unit 61398.

Military experts believe the unit is part of the People's Liberation Army's cyber-command, which is under the direct authority of the General Staff Department, China's version of the Joint Chiefs of Staff. As such, its activities would be likely to be authorized at the highest levels of China's military.

The release of Mandiant's report, complete with details on three of the alleged hackers and photographs of one of the military unit's buildings in Shanghai, makes public what U.S. authorities have said less publicly for years. But it also increases the pressure on the U.S. to take more forceful action against the Chinese for what experts say has been years of systematic espionage.

"If the Chinese government flew planes into our airspace, our planes would escort them away. If it happened two, three or four times, the president would be on the phone and there would be threats of retaliation," said former FBI executive assistant director Shawn Henry. "This is happening thousands of times a day. There needs to be some definition of where the red line is and what the repercussions would be."

Henry, now president of the security firm CrowdStrike, said that rather than tell companies to increase their cybersecurity the government needs to focus more on how to deter the hackers and the nations that are backing them.

James Lewis, a cybersecurity expert at the Center for Strategic and International Studies, said that in the past year the White House has been taking a serious look at responding to China, adding that "this will be the year they will put more pressure on, even while realizing it will be hard for the Chinese to change. There's not an on-off switch."

The Chinese government, meanwhile, has denied involvement in the cyber-attacks tracked by Mandiant. Instead, the Foreign Ministry said that China, too, is a victim of hacking, some of it traced to the U.S. Foreign Ministry spokesman Hong Lei cited a report by an agency under the Ministry of Information Technology and Industry that said in 2012 alone that foreign hackers used viruses and other malicious software to seize control of 1,400 computers in China and 38,000 websites.

"Among the above attacks, those from the U.S. numbered the most," Hong said at a daily media briefing, lodging the most specific allegations the Chinese government has made about foreign hacking.

Cybersecurity experts say U.S. authorities do not conduct similar attacks or steal data from Chinese companies, but acknowledge that intelligence agencies routinely spy on other countries.

China is clearly a target of interest, said Lewis, noting that the U.S. would be interested in Beijing's military policies, such as any plans for action against Taiwan or Japan.

In its report, Mandiant said it traced the hacking back to a neighborhood in the outskirts of Shanghai that includes a white 12-story office building run by the PLA's Unit 61398.

Mandiant said there are only two viable conclusions about the involvement of the Chinese military in the cyberattacks: Either Unit 61398 is responsible for the persistent attacks or they are being done by a secret organization of Chinese speakers with direct access to the Shanghai telecommunications infrastructure who are engaged in a multi-year espionage campaign being run right outside the military unit's gates.

"In a state that rigorously monitors Internet use, it is highly unlikely that the Chinese government is unaware of an attack group that operates from the Pudong New Area of Shanghai," the Mandiant report said, concluding that the only way the group could function is with the "full knowledge and cooperation" of the Beijing government.

The unit "has systematically stolen hundreds of terabytes of data from at least 141 organizations," Mandiant wrote. A terabyte is 1,000 gigabytes. The most popular version of the new iPhone 5, for example, has 16 gigabytes of space, while the more expensive iPads have as much as 64 gigabytes of space. The U.S. Library of Congress' 2006-2010 Twitter archive of about 170 billion tweets totals 133.2 terabytes.

"At some point we do have to call the Chinese out on this," said Michael Chertoff, Homeland Security secretary under President George W. Bush and now chairman of the Chertoff Group, a global security firm. "Simply rolling over and averting our eyes, I don't think is a long-term strategy."

Richard Bejtlich, the chief security officer at Mandiant, said the company decided to make its report public in part to help send a message to both the Chinese and U.S. governments.

"At the government level, I see this as a tool that they can use to have discussions with the Chinese, with allies, with others who are concerned about this problem and have an open dialogue without having to worry about sensitivities around disclosing classified information," Bejtlich said. "This problem is overclassified."

He said the release of an unclassified report that provides detailed evidence will allow authorities to have an open discussion about what to do.

Mandiant's report is filled with high-tech details and juicy nuggets that led to its conclusion, including the code names of some of the hackers, like Ugly Gorilla, Dota and SuperHard, and that Dota appears to be a fan of Harry Potter because references to the book and movie character appear as answers to his computer security questions.

The White House would not comment on the report expected today.

"We have repeatedly raised our concerns at the highest levels about cybertheft with senior Chinese officials, including in the military, and we will continue to do so," said Caitlin Hayden, spokeswoman for the National Security Council. "The United States and China are among the world's largest cyber actors, and it is vital that we continue a sustained, meaningful dialogue and work together to develop an understanding of acceptable behavior in cyberspace."

Sen. Dianne Feinstein, D-Calif., chairman of the Senate Intelligence Committee, said the report reinforces the need for international agreements that prohibit cybercrimes and have a workable enforcement mechanism.

By participating in online discussions you acknowledge that you have agreed to the TERMS OF SERVICE. An insightful discussion of ideas and viewpoints is encouraged, but comments must be civil and in good taste, with no personal attacks. Because only subscribers are allowed to comment, we have your personal information and are able to contact you. If your comments are inappropriate, you may be banned from posting. To report comments that you believe do not follow our guidelines, email commentfeedback@staradvertiser.com.

Leave a comment

Name:

Comment:

Please login to leave a comment.

lokelawrote:

Busted. How about bringing back all our overseas production in China back home. No more made in China.

on February 19,2013 | 05:20AM

Name:

Comment:

Pareidolicwrote:

hahahaa..... no

on February 19,2013 | 06:10PM

Name:

Comment:

HD36wrote:

I remember the cry was no more made in Japan in the 70's.

on February 19,2013 | 08:20PM

Name:

Comment:

Wahiawamaukawrote:

IRT Lokela: Big business owns our government with their bribes via lobbyists. We must march very soon in numbers.

on February 20,2013 | 03:03AM

Name:

Comment:

inversewrote:

Yes, and lets welcome more Chinese national visitors to stay and hang out in Hawaii. Couple weeks ago there were1600 Chinese Amway conventioneers and GUARANTEE within the group were Chinese national spies with the ultimate goal of probing for weaknesses BOTH computer and the human kind. And Chinese are not stoopid, the spy among the group was the most unassuming, attractive looking saleswoman that can reserved or the life of the party, speak perfect English and looks the hottest in a miniskirt. That person could easily make Streetpulse's Hottie of the Week. Men as powerful and intelligent as the President of the US like Bill Clinton, powerful military leaders like General Petraeus. some other general, elected officials like senator Robert Menendez & Anthony Weiner, Secret service personel, etc. can't control their themselves. Just like Rome was not built in a day, the goal is to keep coming back and truly integrate into Hawaii and mix either with military or the many Hawaii civilians who work for the military and have high security clearances. Not too hard to figure out the Chinese nationals wish list would be to obtain, or continue to obtain, the latest US nuclear propulsion technology and anti-missile missile technology which US currently dominates the rest of the world.

on February 19,2013 | 05:24AM

Name:

Comment:

Publicbraddahwrote:

And yet we continue to do business with them.

on February 19,2013 | 05:58AM

Name:

Comment:

Pareidolicwrote:

Because they're the lowest bidder. What part of this do you find confusing?

on February 19,2013 | 06:12PM

Name:

Comment:

Upperkulawrote:

Al quaida... The Chinese connection.

on February 19,2013 | 06:01AM

Name:

Comment:

DABLACKwrote:

Same O....politics at its worse. Are we looking to saluting the chinese flag in the near future ?? Enough already !! We must not fall for the "tricks of the trade". Maybe we need more women in charge....At least the chinese men/spies may learn a few tricks ! Ha !!

on February 19,2013 | 06:44AM

Name:

Comment:

iwanaknowwrote:

and this stuff is just the tip of the iceberg.

on February 19,2013 | 09:17AM

Name:

Comment:

Morimotowrote:

Both sides are hacking no doubt and both sides pretend they don't. While China violates numerous human rights, is it really worse than starting a war in a foreign country (Iraq) on allegations that are in all likelyhood false and resulting in the deaths of hundreds of thousands of people? And also invading another country (Afghanistan) who has done nothing to harm the US? Talk about the pot calling the kettle black.

on February 19,2013 | 09:23AM

Name:

Comment:

HD36wrote:

Good point. That's why the war on terrorism is unwinnable. The enemy is not a country but a thought.

on February 19,2013 | 08:24PM

Name:

Comment:

sailfish1wrote:

What the U.S. doesn't tell us is that the U.S. has people hacking into China's computers. Not just China, but every other foreign country, ally or not.

on February 19,2013 | 11:03AM

Name:

Comment:

HD36wrote:

Yea but God has chosen us to rule the world.

on February 19,2013 | 08:30PM

Name:

Comment:

HD36wrote:

Give China 10 cents on the dollar back on the trillion dollars of bonds the US owes them. This should cause interest rates to spike so high we'll have to cut 50% of government.

on February 19,2013 | 08:27PM

Name:

Comment:

Maneki_Nekowrote:

Just wait until we start bombarding the Central Committee with cat videos.

on February 19,2013 | 08:40PM

Name:

Comment:

9ronbozwrote:

Obama administration sanction trade? Serious! No guts no nuts

on February 19,2013 | 10:06PM

Name:

Comment:

Wahiawamaukawrote:

Baloney. The administration will lay out new steps and fines? LOL. How about taking them off the "most favored nation trading status"?